Login loop

Hi all, I've tried to search and can't find anything similar in the forums. About 90% of the time after I login, if I tried to access the campaign I've created I get a Not Authorized screen, and if I go back it asks me for a login again. If I click on any other part of the site that takes me to my content(For example trying to view all my campaigns) I flips me back and asks for a login, so I get stuck in a loop of logging then trying to access campaigns, then having to log in again. I tried clearing cache and cookies, no change. I am running ABP and NoScript but turning them off on this site doesn't make any difference. It does seem to work in IE, though with the compatibility issues this obviously isn't really a solution.

The whole thing looks like a cookie issue, but I can't figure it out. Has anyone else had issues like this and/or have a solution? I'm running Firefox ver 31.0.

Please go to https://wiki.roll20.net/Solving_Technical_Issues and follow the steps.

Ok.

Step 1) Right browser.. yup, running Firefox. I don't use Chrome, though I suppose I could test if necessary but I'd prefer not to have to run multiple browsers.

Step 2) Addons.. The two I use the commonly cause issues, ABP and NoScript I tried to disable with the issue still occurring. And one addon I disabled made me unable to login at all, though it shouldn't have had any such affect, Priv3.

Step 3) Cookies and cache have been cleared, issue still occurring.

Step 4) Attached the console output just after logging in and being taken to my "home" page:

POST https://app.roll20.net/sessions/create [HTTP/1.1 303 See Other 343ms]
GET https://app.roll20.net/home [HTTP/1.1 200 OK 816ms]
Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:63
GET https://cdn.syndication.twimg.com/widgets/timelin... [HTTP/1.1 200 OK 469ms]
Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:63
Use of getPreventDefault() is deprecated. Use defaultPrevented instead. jquery.min.js:2
Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:63
GET https://beacon-6.newrelic.com/1/50a61d60f7 [HTTP/1.1 200 OK 49ms]
Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:63
POST https://twitter.com/i/jot [HTTP/1.1 302 Found 354ms]
Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:63

Console output after clicking on the My Campaigns link(Note that this takes me back to a login screen URL-https://app.roll20.net/sessions/new):

GET https://app.roll20.net/campaigns/search [HTTP/1.1 302 Found 257ms]
GET https://app.roll20.net/sessions/new [HTTP/1.1 200 OK 278ms]
Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:63
Use of getPreventDefault() is deprecated. Use defaultPrevented instead. jquery.min.js:2
GET https://beacon-6.newrelic.com/1/50a61d60f7 [HTTP/1.1 200 OK 58ms]

And there is no console output when I try to go into the Campaign and get the Not Authorized page. It's a simple white page with small font text in the upper left corner.

Also of note, when I click the forum link, I notice that in the upper right hand corner it's indicating that I'm not logged in and providing the option to login. The console output is identical to the page I get when it's asking me to login again.

If there is any additional console info I'm missing, or more output I can provide please let me know.

Thanks

Ok, Ill forward this to the Devs.

So after more than an hour of messing with cookie and addon settings, I've determined that unless I allow every single third party ad, and analytics site that roll20.net calls, I will continue to get booted back to the login screen.

After disabling everything and determining that it was working reliably, I tried to work backwards to find the specific cookie/site that my addons were reacting badly with. During testing I thought I had allowed all the ad sites and it seemed to be working, however then it suddenly failed again. When I checked the blocked sites, I discovered that the ads being loaded were from random sites, and the RNG tried to load a site I wasn't allowing. Any time there was a block from my side, the site somehow decides that the login cookie is invalid and requires me to log in again to access whatever protected content I was after.

In short, I guess I must be tracked and allow all ads to be displayed for the site to be useable.

It sounds like Priv3 is over zealous in it's deleting of cookies. It looks like this is an identified issue with Priv3: https://addons.mozilla.org/en-US/firefox/addon/pri...

You might want to try contacting Priv3 directly: http://priv3.icsi.berkeley.edu/
or an alternative to Priv3: http://m.alternativeto.net/software/priv3

If you use Chrome for Roll20, you can enter Incognito mode to isolate it from your browsing where you are blocking snooping, or setup an alternate account in Chrome for use with just Roll20.

That's not a bad idea Aaron, I might try the alternative priv and see how that works better.

Sorry, there was a typo in the alternatives link. Fixed now. AlternativeTo gives you a list of alternative programs. The top one for Priv3 is called Ghostery. I noticed that Priv3's website actually recommends it as well. :)